package cn.zdm.authserver.config.security;

import cn.zdm.authserver.config.authentication.SecurityAuthenticationFailureHandler;
import cn.zdm.authserver.config.authentication.SecurityAuthenticationSuccessHandler;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * copyright (C), 2021, 北京同创永益科技发展有限公司
 *
 * @author ZhaoDeman
 * @version 1.0.0
 * <author>                <time>                  <version>                   <description>
 * ZhaoDeman        2021/1/6 13:46                 1.0                        Security的配置类
 * @program auth-server
 * @description Security的配置类
 * @create 2021/1/6 13:46
 */
@EnableWebSecurity
@Slf4j
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        super.configure(auth);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        log.info("{}", "======");
        http.authorizeRequests()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .loginPage("/myLogin.html")
                //指定登录请求的处理路径
                .loginProcessingUrl("/login")
                //成功的请求逻辑
                .successHandler(new SecurityAuthenticationSuccessHandler())
                //失败的请求逻辑
                .failureHandler(new SecurityAuthenticationFailureHandler())
                // 使登录页不设限访问
                .permitAll()
                .and()
                .csrf().disable();
    }
}
